Google Android 12 COBO Security Technical Implementation Guide


Overview

Date: 2021-09-17
Finding Count (31): CAT I (High): 1, CAT II (Med): 26, CAT III (Low): 4

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-250411 High Android 12 devices must have the latest available Google Android 12 operating system installed.
V-250417 Medium Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].
V-250416 Medium Google Android 12 must allow only the administrator (EMM) to install/remove DoD root and intermediate PKI certificates.
V-250410 Medium Google Android 12 must be configured to disallow configuration of date and time.
V-250387 Medium Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters.
V-250386 Medium Google Android 12 must be configured to enforce a minimum password length of six characters.
V-250385 Medium Google Android 12 must be configured to enable audit logging.
V-250389 Medium Google Android 12 must be configured to lock the display after 15 minutes (or less) of inactivity.
V-250388 Medium Google Android 12 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
V-250404 Medium Google Android 12 must be configured to disable ad hoc wireless client-to-client connection capability.
V-250405 Medium Google Android 12 users must complete required training.
V-250406 Medium Google Android 12 must be configured to enforce that Wi-Fi Sharing is disabled.
V-250407 Medium Google Android 12 must have the DoD root and intermediate PKI certificates installed.
V-250400 Medium Google Android 12 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
V-250401 Medium Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems.
V-250402 Medium Google Android 12 must be configured to disable multiuser modes.
V-250408 Medium Google Android 12 work profile must be configured to enforce the system application disable list.
V-250409 Medium Google Android 12 work profile must be configured to disable automatic completion of work space Internet browser text input.
V-250390 Medium Google Android 12 must be configured to not allow more than 10 consecutive failed authentication attempts.
V-250391 Medium Google Android 12 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].
V-250392 Medium Google Android 12 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].
V-250393 Medium Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services); 2. Transmit MD diagnostic data to non-DoD servers; 3. Voice assistant application if available when MD is locked; 4. Voice dialing application if available when MD is locked; 5. Allows synchronization of data or applications between devices associated with user; and 6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.
V-250394 Medium Google Android 12 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].
V-250395 Medium Google Android 12 must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.
V-250396 Medium Google Android 12 must be configured to disable developer modes.
V-250398 Medium Google Android 12 must be configured to generate audit records for the following auditable events: detected integrity violations.
V-250399 Medium Google Android 12 must be configured to disable USB mass storage mode.
V-250413 Low Android 12 devices must be configured to enable Common Criteria Mode (CC Mode).
V-250412 Low Android 12 devices must be configured to disable the use of third-party keyboards.
V-250403 Low Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).
V-250397 Low Google Android 12 must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device.